Revert OL modifications
This commit is contained in:
parent
1529e89a5f
commit
14a14fc29a
|
@ -1,61 +0,0 @@
|
||||||
From 4dd6f0ef98a89f7066a4c07b5d5e2165108332de Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Mon, 3 Oct 2022 08:01:07 -0700
|
|
||||||
Subject: [PATCH] Fix race condition
|
|
||||||
|
|
||||||
Orabug: 33609767
|
|
||||||
|
|
||||||
Signed-off-by: Darren Archibald <darren.archibald@oracle.com>
|
|
||||||
---
|
|
||||||
src/include/k5-int.h | 1 +
|
|
||||||
src/lib/krb5/os/changepw.c | 12 ++++++++++--
|
|
||||||
2 files changed, 11 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
|
|
||||||
index 46f2ce2..d59812b 100644
|
|
||||||
--- a/src/include/k5-int.h
|
|
||||||
+++ b/src/include/k5-int.h
|
|
||||||
@@ -186,6 +186,7 @@ typedef unsigned char u_char;
|
|
||||||
#define KRB5_CONF_AUTH_TO_LOCAL_NAMES "auth_to_local_names"
|
|
||||||
#define KRB5_CONF_CANONICALIZE "canonicalize"
|
|
||||||
#define KRB5_CONF_CCACHE_TYPE "ccache_type"
|
|
||||||
+#define KRB5_CONF_CHANGE_PW_NO_UDP "change_pw_no_udp"
|
|
||||||
#define KRB5_CONF_CLOCKSKEW "clockskew"
|
|
||||||
#define KRB5_CONF_DATABASE_NAME "database_name"
|
|
||||||
#define KRB5_CONF_DB_MODULE_DIR "db_module_dir"
|
|
||||||
diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
|
|
||||||
index c592325..c6429c0 100644
|
|
||||||
--- a/src/lib/krb5/os/changepw.c
|
|
||||||
+++ b/src/lib/krb5/os/changepw.c
|
|
||||||
@@ -216,7 +216,8 @@ change_set_password(krb5_context context,
|
|
||||||
GETSOCKNAME_ARG3_TYPE addrlen;
|
|
||||||
krb5_error_code code = 0;
|
|
||||||
char *code_string;
|
|
||||||
- int local_result_code;
|
|
||||||
+ int local_result_code,tmp = 0;
|
|
||||||
+ k5_transport_strategy strategy = UDP_LAST;
|
|
||||||
|
|
||||||
struct sendto_callback_context callback_ctx;
|
|
||||||
struct sendto_callback_info callback_info;
|
|
||||||
@@ -255,10 +256,17 @@ change_set_password(krb5_context context,
|
|
||||||
callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup;
|
|
||||||
krb5_free_data_contents(callback_ctx.context, &chpw_rep);
|
|
||||||
|
|
||||||
+ code = profile_get_integer(context->profile,
|
|
||||||
+ KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CHANGE_PW_NO_UDP, 0,
|
|
||||||
+ 0, &tmp);
|
|
||||||
+
|
|
||||||
+ if ((!code) && (tmp == 1))
|
|
||||||
+ strategy = NO_UDP;
|
|
||||||
+
|
|
||||||
/* UDP retransmits may be seen as replays. Only try UDP after other
|
|
||||||
* transports fail completely. */
|
|
||||||
code = k5_sendto(callback_ctx.context, NULL, &creds->server->realm,
|
|
||||||
- &sl, NO_UDP, &callback_info, &chpw_rep,
|
|
||||||
+ &sl, strategy, &callback_info, &chpw_rep,
|
|
||||||
ss2sa(&remote_addr), &addrlen, NULL, NULL, NULL);
|
|
||||||
if (code == KRB5_KDC_UNREACH) {
|
|
||||||
code = k5_sendto(callback_ctx.context, NULL, &creds->server->realm,
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
|
@ -62,7 +62,7 @@
|
||||||
Summary: The Kerberos network authentication system
|
Summary: The Kerberos network authentication system
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: %{krb5_version}
|
Version: %{krb5_version}
|
||||||
Release: %{krb5_release}.0.1%{?dist}
|
Release: %{krb5_release}%{?dist}
|
||||||
|
|
||||||
# rharwood has trust path to signing key and verifies on check-in
|
# rharwood has trust path to signing key and verifies on check-in
|
||||||
Source0: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz
|
Source0: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz
|
||||||
|
@ -105,9 +105,6 @@ Patch19: 0019-downstream-Allow-to-set-PAC-ticket-signature-as-opti.patch
|
||||||
Patch20: 0020-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch
|
Patch20: 0020-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch
|
||||||
Patch21: 0021-Enable-PKINIT-if-at-least-one-group-is-available.patch
|
Patch21: 0021-Enable-PKINIT-if-at-least-one-group-is-available.patch
|
||||||
|
|
||||||
#Oracle Patches
|
|
||||||
Patch1000: 1000-Fix_race_condition.patch
|
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: https://web.mit.edu/kerberos/www/
|
URL: https://web.mit.edu/kerberos/www/
|
||||||
BuildRequires: autoconf, bison, make, flex, gawk, gettext, pkgconfig, sed
|
BuildRequires: autoconf, bison, make, flex, gawk, gettext, pkgconfig, sed
|
||||||
|
@ -671,9 +668,6 @@ exit 0
|
||||||
%{_libdir}/libkadm5srv_mit.so.*
|
%{_libdir}/libkadm5srv_mit.so.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Jun 21 2023 EL Errata <el-errata_ww@oracle.com> - 1.20.1-9.0.1
|
|
||||||
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
|
|
||||||
|
|
||||||
* Fri Jun 02 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
|
* Fri Jun 02 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
|
||||||
- Do not disable PKINIT if some of the well-known DH groups are unavailable
|
- Do not disable PKINIT if some of the well-known DH groups are unavailable
|
||||||
- Resolves: rhbz#2209715
|
- Resolves: rhbz#2209715
|
||||||
|
|
Loading…
Reference in New Issue